doxygen/pbkdf_8h_source.html

/*

* PBKDF

* (C) 1999-2007,2012,2015 Jack Lloyd

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#ifndef BOTAN_PBKDF_H_

#define BOTAN_PBKDF_H_


#include <botan/symkey.h>

#include <chrono>


namespace Botan {


/**

* Base class for PBKDF (password based key derivation function)

* implementations. Converts a password into a key using a salt

* and iterated hashing to make brute force attacks harder.

*

* Starting in 2.8 this functionality is also offered by PasswordHash.

* The PBKDF interface may be removed in a future release.

*/

class BOTAN_PUBLIC_API(2,0) PBKDF

   {

   public:

      /**

      * Create an instance based on a name

      * If provider is empty then best available is chosen.

      * @param algo_spec algorithm name

      * @param provider provider implementation to choose

      * @return a null pointer if the algo/provider combination cannot be found

      */

      static std::unique_ptr<PBKDF> create(const std::string& algo_spec,

                                           const std::string& provider = "");


      /**

      * Create an instance based on a name, or throw if the

      * algo/provider combination cannot be found. If provider is

      * empty then best available is chosen.

      */

      static std::unique_ptr<PBKDF>

         create_or_throw(const std::string& algo_spec,

                         const std::string& provider = "");


      /**

      * @return list of available providers for this algorithm, empty if not available

      */

      static std::vector<std::string> providers(const std::string& algo_spec);


      /**

      * @return new instance of this same algorithm

      */

      virtual PBKDF* clone() const = 0;


      /**

      * @return name of this PBKDF

      */

      virtual std::string name() const = 0;


      virtual ~PBKDF() = default;


      /**

      * Derive a key from a passphrase for a number of iterations

      * specified by either iterations or if iterations == 0 then

      * running until msec time has elapsed.

      *

      * @param out buffer to store the derived key, must be of out_len bytes

      * @param out_len the desired length of the key to produce

      * @param passphrase the password to derive the key from

      * @param salt a randomly chosen salt

      * @param salt_len length of salt in bytes

      * @param iterations the number of iterations to use (use 10K or more)

      * @param msec if iterations is zero, then instead the PBKDF is

      *        run until msec milliseconds has passed.

      * @return the number of iterations performed

      */

      virtual size_t pbkdf(uint8_t out[], size_t out_len,

                           const std::string& passphrase,

                           const uint8_t salt[], size_t salt_len,

                           size_t iterations,

                           std::chrono::milliseconds msec) const = 0;


      /**

      * Derive a key from a passphrase for a number of iterations.

      *

      * @param out buffer to store the derived key, must be of out_len bytes

      * @param out_len the desired length of the key to produce

      * @param passphrase the password to derive the key from

      * @param salt a randomly chosen salt

      * @param salt_len length of salt in bytes

      * @param iterations the number of iterations to use (use 10K or more)

      */

      void pbkdf_iterations(uint8_t out[], size_t out_len,

                            const std::string& passphrase,

                            const uint8_t salt[], size_t salt_len,

                            size_t iterations) const;


      /**

      * Derive a key from a passphrase, running until msec time has elapsed.

      *

      * @param out buffer to store the derived key, must be of out_len bytes

      * @param out_len the desired length of the key to produce

      * @param passphrase the password to derive the key from

      * @param salt a randomly chosen salt

      * @param salt_len length of salt in bytes

      * @param msec if iterations is zero, then instead the PBKDF is

      *        run until msec milliseconds has passed.

      * @param iterations set to the number iterations executed

      */

      void pbkdf_timed(uint8_t out[], size_t out_len,

                         const std::string& passphrase,

                         const uint8_t salt[], size_t salt_len,

                         std::chrono::milliseconds msec,

                         size_t& iterations) const;


      /**

      * Derive a key from a passphrase for a number of iterations.

      *

      * @param out_len the desired length of the key to produce

      * @param passphrase the password to derive the key from

      * @param salt a randomly chosen salt

      * @param salt_len length of salt in bytes

      * @param iterations the number of iterations to use (use 10K or more)

      * @return the derived key

      */

      secure_vector<uint8_t> pbkdf_iterations(size_t out_len,

                                           const std::string& passphrase,

                                           const uint8_t salt[], size_t salt_len,

                                           size_t iterations) const;


      /**

      * Derive a key from a passphrase, running until msec time has elapsed.

      *

      * @param out_len the desired length of the key to produce

      * @param passphrase the password to derive the key from

      * @param salt a randomly chosen salt

      * @param salt_len length of salt in bytes

      * @param msec if iterations is zero, then instead the PBKDF is

      *        run until msec milliseconds has passed.

      * @param iterations set to the number iterations executed

      * @return the derived key

      */

      secure_vector<uint8_t> pbkdf_timed(size_t out_len,

                                      const std::string& passphrase,

                                      const uint8_t salt[], size_t salt_len,

                                      std::chrono::milliseconds msec,

                                      size_t& iterations) const;


      // Following kept for compat with 1.10:


      /**

      * Derive a key from a passphrase

      * @param out_len the desired length of the key to produce

      * @param passphrase the password to derive the key from

      * @param salt a randomly chosen salt

      * @param salt_len length of salt in bytes

      * @param iterations the number of iterations to use (use 10K or more)

      */

      OctetString derive_key(size_t out_len,

                             const std::string& passphrase,

                             const uint8_t salt[], size_t salt_len,

                             size_t iterations) const

         {

         return pbkdf_iterations(out_len, passphrase, salt, salt_len, iterations);

         }


      /**

      * Derive a key from a passphrase

      * @param out_len the desired length of the key to produce

      * @param passphrase the password to derive the key from

      * @param salt a randomly chosen salt

      * @param iterations the number of iterations to use (use 10K or more)

      */

      template<typename Alloc>

      OctetString derive_key(size_t out_len,

                             const std::string& passphrase,

                             const std::vector<uint8_t, Alloc>& salt,

                             size_t iterations) const

         {

         return pbkdf_iterations(out_len, passphrase, salt.data(), salt.size(), iterations);

         }


      /**

      * Derive a key from a passphrase

      * @param out_len the desired length of the key to produce

      * @param passphrase the password to derive the key from

      * @param salt a randomly chosen salt

      * @param salt_len length of salt in bytes

      * @param msec is how long to run the PBKDF

      * @param iterations is set to the number of iterations used

      */

      OctetString derive_key(size_t out_len,

                             const std::string& passphrase,

                             const uint8_t salt[], size_t salt_len,

                             std::chrono::milliseconds msec,

                             size_t& iterations) const

         {

         return pbkdf_timed(out_len, passphrase, salt, salt_len, msec, iterations);

         }


      /**

      * Derive a key from a passphrase using a certain amount of time

      * @param out_len the desired length of the key to produce

      * @param passphrase the password to derive the key from

      * @param salt a randomly chosen salt

      * @param msec is how long to run the PBKDF

      * @param iterations is set to the number of iterations used

      */

      template<typename Alloc>

      OctetString derive_key(size_t out_len,

                             const std::string& passphrase,

                             const std::vector<uint8_t, Alloc>& salt,

                             std::chrono::milliseconds msec,

                             size_t& iterations) const

         {

         return pbkdf_timed(out_len, passphrase, salt.data(), salt.size(), msec, iterations);

         }

   };


/*

* Compatibility typedef

*/

typedef PBKDF S2K;


/**

* Password based key derivation function factory method

* @param algo_spec the name of the desired PBKDF algorithm

* @param provider the provider to use

* @return pointer to newly allocated object of that type

*/

inline PBKDF* get_pbkdf(const std::string& algo_spec,

                        const std::string& provider = "")

   {

   return PBKDF::create_or_throw(algo_spec, provider).release();

   }


inline PBKDF* get_s2k(const std::string& algo_spec)

   {

   return get_pbkdf(algo_spec);

   }


}


#endif

Botan::OctetString
Definition: symkey.h:20

Botan::PBKDF
Definition: pbkdf.h:25

Botan::PBKDF::derive_key
OctetString derive_key(size_t out_len, const std::string &passphrase, const std::vector< uint8_t, Alloc > &salt, std::chrono::milliseconds msec, size_t &iterations) const
Definition: pbkdf.h:211

Botan::PBKDF::pbkdf
virtual size_t pbkdf(uint8_t out[], size_t out_len, const std::string &passphrase, const uint8_t salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec) const =0

Botan::PBKDF::~PBKDF
virtual ~PBKDF()=default

Botan::PBKDF::derive_key
OctetString derive_key(size_t out_len, const std::string &passphrase, const uint8_t salt[], size_t salt_len, size_t iterations) const
Definition: pbkdf.h:160

Botan::PBKDF::derive_key
OctetString derive_key(size_t out_len, const std::string &passphrase, const uint8_t salt[], size_t salt_len, std::chrono::milliseconds msec, size_t &iterations) const
Definition: pbkdf.h:193

Botan::PBKDF::create_or_throw
static std::unique_ptr< PBKDF > create_or_throw(const std::string &algo_spec, const std::string &provider="")
Definition: pbkdf.cpp:72

Botan::PBKDF::derive_key
OctetString derive_key(size_t out_len, const std::string &passphrase, const std::vector< uint8_t, Alloc > &salt, size_t iterations) const
Definition: pbkdf.h:176

Botan::PBKDF::clone
virtual PBKDF * clone() const =0

Botan::PBKDF::name
virtual std::string name() const =0

BOTAN_PUBLIC_API
#define BOTAN_PUBLIC_API(maj, min)
Definition: compiler.h:31

Botan
Definition: alg_id.cpp:13

Botan::get_pbkdf
PBKDF * get_pbkdf(const std::string &algo_spec, const std::string &provider="")
Definition: pbkdf.h:232

Botan::S2K
PBKDF S2K
Definition: pbkdf.h:224

Botan::get_s2k
PBKDF * get_s2k(const std::string &algo_spec)
Definition: pbkdf.h:238

Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:65

salt_len
size_t salt_len
Definition: x509_obj.cpp:25